1. Field of the Invention
The present invention relates to computer systems. More particularly, the present invention relates to computer security.
2. Description of Related Art
A security gateway, such as a firewall, is often placed in the communication path between a private protected network and an untrusted network, such as the Internet, to provide data scanning services for the detection of viruses and other malicious code attempting to enter the protected network. Many of these security gateways require the receipt of the entire resource, such as the data of an entire executable file being downloaded, before the security gateway begins scanning the data of the resource for malicious code.
As the vast majority of normal Internet downloads are free of malicious code, holding the entire data of the resource at a security gateway causes unnecessary delay and may cause the communication channel to close because of inactivity timeouts. Consequently, some other security gateways forward the data of the resource to the intended destination before the security gateway has even scanned the data. This process of forwarding data of a resource to the destination before the data has been scanned by the security gateway is commonly termed “trickling”.
While trickling of data to a destination is sometimes necessary or even desirable, trickling creates problems when the data is found to contain malicious code, i.e., is infected. With trickling, once the security gateway has discovered the data is infected, most of the malicious code has already been transferred to the destination, so that currently the only recourse is for the security gateway to abnormally terminate the connection and assume that the application receiving the data will delete the partially received data. Also with trickling, it is currently not possible to deliver a repaired version of the data, since part of the infected data has already been delivered.